31 matches found
CVE-2026-11589 WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Stored XSS via File Upload
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...
VulnCheck KEV: CVE-2026-2931
The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
CVE-2026-2931
The CVE-2026-2931 entry concerns the Amelia Booking plugin for WordPress (versions up to and including 9.1.2). The vulnerability is an Insecure Direct Object Reference that allows a user-controlled access to objects, enabling authenticated users with customer-level permissions or higher to change...
CVE-2025-67279
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stores password hashes in MD5 format...
CVE-2025-67278
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request...
CVE-2025-67280
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user...
PT-2026-1877
Name of the Vulnerable Software and Affected Versions TIM BPM Suite/ TIM FLOW versions through 9.1.2 Description The software contains multiple SQL injection flaws that could allow both low-privileged and administrative users to access the database and its contents. Recommendations Versions prior...
TIM BPM Suite和TIM FLOW 安全漏洞
TIM BPM Suite and TIM FLOW are both business process management software from TIM Germany. A security vulnerability exists in TIM BPM Suite,TIM FLOW 9.1.2 and earlier versions, which originates from SQL injection and could lead to unauthorized access to the database...
TIM BPM Suite和TIM FLOW 安全漏洞
TIM BPM Suite and TIM FLOW are both business process management software from TIM Germany. A security vulnerability exists in TIM BPM Suite and TIM FLOW versions prior to 9.1.2, which originates from a specially crafted HTTP request and could result in elevated privileges...
TIM BPM Suite和TIM FLOW 安全漏洞
TIM BPM Suite and TIM FLOW are both business process management software from TIM Germany. A security vulnerability exists in TIM BPM Suite and TIM FLOW versions 9.1.2 and earlier, which stems from an authorization bypass that could lead to elevated privileges and information disclosure...
Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service.
Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Linux Distros Unpatched Vulnerability : CVE-2022-28129
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apach...
WordPress WooCommerce plugin <= 9.1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin WooCommerce versions = 9.1.2...
CVE-2024-30274
Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2023-7070 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.7 Splunk Enterprise versions prior to 9.1.2 Description: The issue is related to ineffective escaping in the "Show syntax Highlighted" feature, which can result in the execution of unauthorized code in ...
PT-2022-27002 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS formerly concrete5 versions 9.0.0 through 9.1.2 Concrete CMS formerly concrete5 versions prior to 8.5.10 Description: The issue allows the authTypeConcreteCookieMap table to be filled up, causing a denial of service due to high...
TOTOLINK A3700R 缓冲区错误漏洞
The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A3700R version V9.1.2u.6134B20201202, which stems from a stack overflow in the command parameter of the setTracerouteCfg method...
UBUNTU-CVE-2022-31779
Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...
UBUNTU-CVE-2022-28129
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...
Palo Alto Networks PAN-OS Formatting String Error Vulnerability (CNVD-2020-22957)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A Formatting String Error vulnerability exists in the Varrcvr daemon in PAN-OS version 9.0 prior to 9.0.7 and version 9.1 prior to 9.1.2 in Palo Alto Networks. A remote attacker could...